CVE-2007-5223 Information

Description

Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact related to incorrect input validation or other defects involving (1) admin/backupstart.php (2) a .sql filename under admin/admin/dump/ (3) a .sql filename in the fl parameter to admin/downloadbackup.php and (4) a .. (dot dot) in the fl parameter to admin/downloadbackup.php.

Reference

http://osvdb.org/42342 http://osvdb.org/42343 http://osvdb.org/42344 http://securityreason.com/securityalert/3191 http://www.securityfocus.com/archive/1/481206/100/0/threaded http://www.securityfocus.com/bid/25882 http://www.vupen.com/english/advisories/2007/3344